Setting module options just got easier!

Rapid7's own Dean Welch added a new option to framework called RHOST_HTTP_URL, which allows users to set values for multiple URL components, such as RHOSTS, RPORT, and SSL, by specifying a single option value. For example, instead of typing set RHOSTS example.com, set RPORT 5678, set SSL true, you can now accomplish the same thing with the command set RHOST_HTTP_URL https://example.com:5678. This functionality is currently opt-in. The steps for enabling this feature can be seen within msfconsole’s help features command.

None of your OFBiz(ness)!

Milestone PR #14000 from our own wvu adds a new module targeting a pre-auth RCE vulnerability in Apache's OFBiz ERP software version 17.12.03. This module exploits CVE-2020-9496, and takes advantage of a Java deserialization method within an unauthenticated XML-RPC interface. Latest OFBiz version 17.12.04 fixed this vuln.

More speed!

Speaking of usability improvements, Metasploit's RPC module search just got faster! Thanks to an enhancement by Alan Foster, the module.search RPC call now utilizes the module cache instead of the previous slow search functionality.

New modules (6)

Enhancements and features

  • PR #14011 from seska451 adds markdown documentation for the auxiliary/scanner/http/brute_dirs module.
  • PR #13998 from adfoster-r7 greatly improves the speed of Metasploit's module.search RPC call. This updated performance is achieved by searching the module's cache instead of framework's slow search functionality.
  • PR #13961 from dwelch-r7 adds a new RHOST_HTTP_URL option, which allows users to set values for RHOSTS, RPORT, and SSL by specifying a single URL.
  • PR #13846 from dwelch-r7 adds support for Nmap's vulners script, allowing users to import information on targets' vulnerabilities into the database.

Bugs fixed

  • PR #14007 from bcoles fixes a directory path traversal vulnerability with Msf::Post::File.file_local_write that could lead to remote code execution.
  • PR #14006 from 5tevebaker fixes an incorrect executable path in the post/osx/gather/enum_osx module, which caused failures when downloading keychains.
  • PR #14002 from wvu-r7 fixes a regression in payload encoding where whitespace bad characters were not being encoded away.
  • PR #13974 from dwelch-r7 fixes an authentication bug with the lib/metasploit/framework/login_scanner/winrm module which caused failures with servers that did not accept 'Basic' authentication.
  • PR #13951 from gwillcox-r7 improves the error message that occurs with msfvenom when a payload module is not specified.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).